| Message ID | 516a91f3997534f708af43c7592cbafdd53dd599.1730253508.git.xiaopei01@kylinos.cn |
|---|---|
| State | New |
| Headers | show |
| Series | [V2] wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() | expand |
Pei Xiao <xiaopei01@kylinos.cn> wrote: > kmalloc may fail, return value might be NULL and will cause > NULL pointer dereference. Add check NULL return of kmalloc in > btc_fw_set_monreg(). > > Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn> > Fixes: b952cb0a6e2d ("wifi: rtw89: coex: Add register monitor report v7 format") 1 patch(es) applied to rtw-next branch of rtw.git, thanks. 81df5ed446b4 wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() --- https://github.com/pkshih/rtw.git
diff --git a/drivers/net/wireless/realtek/rtw89/coex.c b/drivers/net/wireless/realtek/rtw89/coex.c index b60c8bd4537b..092f882147cd 100644 --- a/drivers/net/wireless/realtek/rtw89/coex.c +++ b/drivers/net/wireless/realtek/rtw89/coex.c @@ -2507,6 +2507,8 @@ static void btc_fw_set_monreg(struct rtw89_dev *rtwdev) if (ver->fcxmreg == 7) { sz = struct_size(v7, regs, n); v7 = kmalloc(sz, GFP_KERNEL); + if (!v7) + return; v7->type = RPT_EN_MREG; v7->fver = ver->fcxmreg; v7->len = n; @@ -2521,6 +2523,8 @@ static void btc_fw_set_monreg(struct rtw89_dev *rtwdev) } else { sz = struct_size(v1, regs, n); v1 = kmalloc(sz, GFP_KERNEL); + if (!v1) + return; v1->fver = ver->fcxmreg; v1->reg_num = n; memcpy(v1->regs, chip->mon_reg, flex_array_size(v1, regs, n));
kmalloc may fail, return value might be NULL and will cause NULL pointer dereference. Add check NULL return of kmalloc in btc_fw_set_monreg(). Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn> Fixes: b952cb0a6e2d ("wifi: rtw89: coex: Add register monitor report v7 format") --- drivers/net/wireless/realtek/rtw89/coex.c | 4 ++++ 1 file changed, 4 insertions(+)